Goodbye job applications, hello dream career
Seize control of your career and design the future you deserve with LW career

Aussie law firms lack confidence in cyber security, says report

New research has found that the majority of legal professionals have no confidence in their firm’s ability to detect and respond to security breaches.

user iconJames Mitchell 13 April 2023 SME Law
expand image

Australian cyber security organisation DotSec, which specialises in protecting law firms, surveyed legal professionals across Australia to measure their knowledge of cyber threats and the opportunities that security measures unlock for firms.

The 2023 State of Cyber Maturity for Australian Law Firms report found that only 48 per cent of Australian legal firms are confident in their ability to detect and respond to threats. These firms have a higher level of cyber maturity with processes in place for employees across their organisations to be able to identify potential attacks and irregularities and respond accordingly.

However, the majority (51 per cent) of legal firms admitted they are not confident in their threat detection and response capabilities.


The findings come after major Australian organisations Optus and Medibank suffered significant data breaches. More recently, ASX-listed lender Latitude Financial suffered a major cyber attack that saw more than 100,000 customer identification documents stolen. 

Worryingly, of the 51 per cent of legal firms that are not confident in their detection and response capabilities, 11 per cent have no procedures in place and will only be able to respond once an attack has occurred.

Commenting on the findings, DotSec owner Tim Redhead said legal firms that have a culture of investing in cyber security at all levels are able to better articulate their unique propositions to clients.

“In a rapidly evolving threat landscape, there are clear benefits for investing in the protection of your information. However, with a small shift of focus and a clear articulation, alongside accreditation with compliance frameworks, legal firms can position themselves as a leader,” Mr Redhead said.

“To move effectively on this journey, legal firms need to educate their staff in the importance of cyber security for the threat, compliance and opportunity of the investments.”

External cyber security consultants can play an important role in these conversations to move the needle among senior decision-makers, Mr Redhead said.

“At DotSec, we take a holistic approach to understanding your firm’s cyber security maturity and create a technical and cultural pathway for your firm to follow that will enable you to access the benefits of a more secure practice, with the benefits that follow,” he said.

A key finding from the DotSec report was that most legal firms lack an understanding of how cyber security can be a competitive advantage.

Organisations solely focused on cyber security opportunities only account for 3 per cent, while threats remain the single driving factor for cyber security improvement. This indicates that there is a small segment of organisations that understand there is a strong competitive advantage in using cyber security to deter threats and position themselves in the market more attractively.

From July to December 2021, legal service firms were one of the top three industries in Australia to report data breaches, positioned at third place with 51 incidents of attacks recorded by the Australian government’s 2021 Notifiable Data Breaches Report.